CISA Refresher 6 Flashcards

1
Audit Charter
document that states management's objectives for, and delegation of authority to, the IS audit function; should be approved at the highest level of management, should set out the overall authority, scope and responsibilities of the audit function, and should not change significantly over time
2
Engagement Letter
a letter that formalizes the contract between the auditor and the client and outlines the responsibilities of both parties; focused on a particular audit exercise that is to be initiated in an organization with a specific objective in mind
3
Audit Plan
a list of the audit procedures the auditors need to perform to gather sufficient, appropriate evidence on which to base their opinion; consists of both short-term and long-term planning
4
Sarbanes-Oxley Act of 2002
US law that requires public companies to establish and maintain adequate systems of internal control over financial reporting
5
Professional Independence
in all matters related to the audit, the IS auditor should be independent of the auditee in both attitude and appearance
6
Organizational Independence
the IS audit function should be independent of the area or activity being reviewed to permit objective completion of the audit assignment
7
Audit Risk
the risk that information may contain a material error that may go undetected during the course of the audit
8
Error Risk
the risk of errors occurring in the area being audited
9
Information Technology Assurance Framework (ITAF)
ISACA's reference framework for IS audit and assurance: a single source of standards, guidelines, tools and techniques for planning, performing and reporting on IS audit and assurance engagements; its standards are grouped into general, performance and reporting standards
10
General standards
standards that establish the guiding principles under which the IT assurance profession operates; they apply to the conduct of all assignments, and deal with the IT audit and assurance professional's ethics, independence, objectivity and due care, as well as knowledge, competency and skill
11
Performance standards
standards that establish baseline expectations in the conduct of IT assurance engagements; focused on the design of the assurance work, the conduct of the assurance, the evidence required, and the development of assurance and audit findings and conclusions
12
Reporting standards
standards that address the types of audit reports, means of communication, and information to be communicated at the conclusion of an audit
13
Risk analysis
part of audit planning; helps identify risks and vulnerabilities so the IS auditor can determine the controls needed to mitigate those risks
14
Risk
the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization; the combination of the probability of an event and its consequence
15
Business Risk
a risk that may negatively impact the assets, processes or objectives of a specific business or organization
16
IT Risk
the risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise
17
Risk Assessment Process
1. Identify Business Objectives
18
Internal controls
normally composed of policies, procedures, practices and organizational structures which are implemented to reduce risk to the organization; developed to provide reasonable assurance to management that the organization's business objectives will be achieved and risk events will be prevented, or detected and corrected
19
Preventive controls
controls that deter control problems before they occur
20
Detective controls
controls that discover problems as soon as they arise
21
Corrective controls
controls that remedy control problems that have been discovered
22
Control objectives
statements of the desired result or purpose to be achieved by implementing control activities (procedures)
23
IS Control objectives
provide a complete set of high-level requirements to be considered by management for effective control of each IT process
24
COBIT 5
a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT; helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use
25
COBIT 5 Principles
1. Meeting stakeholder needs
26
Controls
include policies, procedures and practices established by management to provide reasonable assurance that specific objectives will be achieved
27
Compliance Audit
an audit that includes specific tests of controls to demonstrate adherence to specific regulator or industry standards
28
Financial Audit
an audit that assesses the accuracy of financial reporting
29
Operational Audit
an audit designed to evaluate the internal control structure in a given process or area
30
Integrated Audit
an audit that combines financial and operational audit steps
31
Administrative Audit
an audit oriented to assess issues related to the efficiency of operational productivity within an organization
32
IS Audit
an audit that collects and evaluates evidence to determine whether the information systems and related resources adequately safeguard assets, maintain data and system integrity and availability, provide relevant and reliable information, achieve organizational goals, consume resources efficiently, and have, in effect, internal controls that provide reasonable assurance that business, operational and control objectives will be met
33
Statement on Standards for Attestation Engagements (SSAE 16)
a widely known attestation standard developed by the AICPA that defines the professional standards used by a service auditor to assess the internal controls of a service organization (superseded by SSAE 18 in 2017; the SOC reporting structure it introduced remains in use)
34
Forensic Audit
an audit specialized in discovering, disclosing and following up on frauds and crimes
35
Audit Program
identifies the scope, audit objectives and audit procedures to obtain sufficient, relevant and reliable evidence to draw and support audit conclusions and opinions; includes the audit strategy and audit plan
36
Audit Strategy
overall approach to the audit that considers the nature of the client, risk of significant misstatements, and other factors such as the number of client locations and past effectiveness of client controls
37
Audit Methodology
a set of documented audit procedures designed to achieve planned audit objectives; components include a statement of scope, statement of objectives, and a statement of audit programs
38
Risk-Based Auditing
an audit approach that is adapted to develop and improve the continuous audit process; used to assess risk and assist the IS auditor in making the decision to perform either compliance testing or substantive testing
39
Inherent Risk
the risk level or exposure of the process/entity to be audited without taking into account the controls that management has implemented
40
Control Risk
the risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls
41
Detection Risk
the risk that material errors or misstatements that have occurred will not be detected by the IS auditor
42
Overall Audit Risk
the probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred
43
Statistical Sampling Risk
the risk that incorrect assumptions are made about the characteristics of a population from which a sample is selected
44
Risk Mitigation
a risk response that includes applying appropriate controls to reduce the risks
45
Risk Acceptance
a risk response that includes knowingly and objectively not taking action, provided the risk clearly satisfies the organization's policy and criteria
46
Risk Avoidance
a risk response that includes avoiding risks by not allowing actions that would cause the risks to occur
47
Risk transfer/sharing
a risk response that includes transferring the associated risks to other parties, e.g. insurers or suppliers
48
Audit objectives
refer to the specific goals that must be accomplished by the audit
49
Compliance Testing
evidence gathering for the purposes of testing an organization's compliance with control procedures; determines if controls are being applied in a manner that complies with management policies and procedures
50
Substantive Testing
evidence gathering for the purposes of evaluating the integrity of individual transactions, data or other information; substantiates the integrity of actual processing
51
Evidence
any information used by the IS auditor to determine whether the entity or data being audited follows the established criteria or objectives, and supports audit conclusions
52
Sample
the subset of population members used to perform testing
53
Statistical Sampling
sampling that uses the laws of probability to select and evaluate the results of an audit sample, thereby permitting the auditor to quantify the sampling risk for the purpose of reaching a conclusion about the population
54
Nonstatistical Sampling
audit sampling that relies on the auditor's judgment to determine sample size, select the sample, and/or evaluate the results for the purpose of reaching a conclusion about the population
55
Attribute Sampling
sampling used to estimate the proportion of a population that possesses a specified characteristic; the primary sampling method used for compliance testing
56
Stop-or-go Sampling
sampling that allows the audit test to be stopped at the earliest possible moment
57
Discovery Sampling
a sampling plan that is appropriate when the expected occurrence rate is extremely low, used when the auditor desires a specific chance of observing at least one example of occurrence
58
Variable Sampling
sampling that deals with population characteristics that vary, such as monetary values and weights, and provides conclusions related to deviations from the norm
59
Confidence Coefficient
a percentage expression of the probability that the characteristics of the sample are a true representation of the population
60
Level of Risk
equal to one minus the confidence coefficient
61
Precision
represents the acceptable range difference between the sample and the actual population
62
Expected Error Rate
an estimate stated as a percent of the errors that may exist
63
Sample mean
the sum of all sample values, divided by the size of the sample
64
Sample standard deviation
measures the dispersion of the sample values around the sample mean; the square root of the sample variance
65
Tolerable error rate
maximum misstatement or number of errors that can exist without an account being materially misstated
66
Population standard deviation
measures the dispersion of the values in the whole population around the population mean; used together with the confidence coefficient and the required precision to determine the sample size in variable sampling
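A worked example of the sampling arithmetic behind the cards above (confidence coefficient, level of risk, precision, sample mean and standard deviation, attribute, variable and discovery sampling). This is an added example written for this page, not material from the flashcards or from ISACA. The change-ticket sample, the invoice amounts and the population size of 400 are constructed, and discovery_sample_size uses the binomial approximation of independent draws, an assumption noted in the code.

```python
import math
from statistics import mean, stdev


def level_of_risk(confidence_coefficient):
    """Level of risk = 1 - confidence coefficient (0.95 confidence -> 0.05 risk)."""
    return round(1.0 - confidence_coefficient, 4)


def sample_stats(values):
    """Sample mean and sample standard deviation (n - 1 denominator)."""
    return mean(values), stdev(values)


def within_precision(sample_estimate, population_value, precision):
    """Precision: the acceptable difference between the sample result and the actual population value."""
    return abs(sample_estimate - population_value) <= precision


def attribute_sample_rate(sample, has_attribute):
    """Attribute sampling (compliance testing): proportion of sampled items showing a characteristic."""
    hits = sum(1 for item in sample if has_attribute(item))
    return hits / len(sample)


def exceeds_tolerable_error(observed_rate, tolerable_rate):
    """True when the observed deviation rate is above the tolerable error rate."""
    return observed_rate > tolerable_rate


def project_population_total(sample_values, population_size):
    """Variable sampling: project the sample mean onto the whole population."""
    return mean(sample_values) * population_size


def discovery_sample_size(expected_rate, confidence):
    """Discovery sampling: smallest n giving P(at least one occurrence) >= confidence.

    Assumption: draws are independent (binomial approximation of sampling
    without replacement), so P(no occurrence in n items) = (1 - p) ** n and
    the required n is ln(1 - confidence) / ln(1 - p), rounded up.
    """
    if not 0.0 < expected_rate < 1.0 or not 0.0 < confidence < 1.0:
        raise ValueError("expected_rate and confidence must be strictly between 0 and 1")
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - expected_rate))


# Constructed sample of 20 change tickets; three lack the required approval.
CHANGE_TICKETS = [
    {"id": f"CHG-{n}", "approved": n not in (3, 11, 17)} for n in range(1, 21)
]

# Constructed invoice amounts sampled from an assumed population of 400 invoices.
INVOICE_SAMPLE = [120.0, 80.0, 100.0, 140.0, 60.0]
INVOICE_POPULATION_SIZE = 400


if __name__ == "__main__":
    print("level of risk at 95% confidence:", level_of_risk(0.95))
    rate = attribute_sample_rate(CHANGE_TICKETS, lambda t: not t["approved"])
    print("unapproved change rate:", rate,
          "exceeds 5% tolerable error:", exceeds_tolerable_error(rate, 0.05))
    m, sd = sample_stats(INVOICE_SAMPLE)
    print("invoice sample mean / standard deviation:", m, round(sd, 2))
    print("projected population total:",
          project_population_total(INVOICE_SAMPLE, INVOICE_POPULATION_SIZE))
    print("discovery sample size, 1% expected rate at 95% confidence:",
          discovery_sample_size(0.01, 0.95))
```

The discovery-sampling function shows why that plan suits very low occurrence rates: at a 1% expected rate, 299 items must be examined to have a 95% chance of seeing even one occurrence, and a smaller sample gives no basis for concluding the population is clean.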
67
Computer-Assisted Audit Techniques (CAAT)
refer to audit software that uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process
68
Generalized Audit Software (GAS)
standard software designed to read, process, and write data with the help of functions performing specific audit routines and with self-made macros
69
Utility Software
subset of software that provides evidence to auditors about system control effectiveness
70
Test Data
using a sample set of data to assess whether logic errors exist in a program and whether the program meets its objectives
71
Compensating Control
A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective (e.g., avoiding misstatements).
72
Audit Report
used by the auditor to report findings and recommendations to management
73
Control Self-Assessment (CSA)
A method/process by which management and staff at all levels collectively identify and evaluate risk and controls within their business areas. This may be under the guidance of a facilitator such as an auditor or risk manager; includes testing the design of automated application controls
74
Traditional Auditing Approach
any approach in which the primary responsibility for analyzing and reporting on internal control and risk is assigned to auditors, and to a lesser extent, controller departments and outside consultants
75
Integrated Auditing
the process whereby appropriate audit disciplines are combined to assess key internal controls over an operation, process or entity
76
Continuous Monitoring
provided by IS management and tools and typically based on automated procedures to meet fiduciary responsibilities
77
Continuous Auditing
"A methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditors reports issued simultaneously with or a short period of time after the occurrence of the events underlying the subject matter"
78
Corporate Governance
the system by which business corporations are directed and controlled; a set of responsibilities and practices used by an organization's management to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized
79
Governance of Enterprise IT (GEIT)
the body of issues addressed in considering how IT is applied within the enterprise
80
IT Governance
a structure of relationships and processes used to direct and control the enterprise toward achievement of its goals by adding value while balancing risk vs. return over IT and its processes
81
IT Governance Focus Areas
1. Strategic Alignment
82
Strategic Alignment
focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations
83
Value Delivery
executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT
84
Resource Management
the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people
85
Performance Management
tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery
86
IT Balanced Scorecard (BSC)
a process management evaluation technique that can be applied to the IT governance process in assessing the IT functions and processes; supplements traditional financial evaluation with measures concerning user satisfaction, internal processes and the ability to innovate
87
IT Strategy Committee
As a committee of the board, it assists the board in overseeing the enterprise's IT-related matters by ensuring that the board has the internal and external information it requires for effective IT governance decision making.
88
IT Steering Committee
a committee, comprised of a group of managers and staff representing various organizational units, set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the enterprise
89
Information Security Governance
governance focused on specific value drivers: confidentiality, integrity, and availability of information, continuity of services and protection of information assets
90
Process Integration
integration of an organization's management assurance processes for security
91
Enterprise Architecture (EA)
involves documenting an organization's IT assets in a structured manner to facilitate understanding, management and planning for IT investments; involves both a current state and an optimized state
92
Zachman Framework for Enterprise Architecture
a model framework that is a starting point for many contemporary EA projects; it helps move IT projects from the abstract to the physical using models and representations with progressively greater levels of detail
93
Federal Enterprise Architecture (FEA)
a business and performance based framework to support cross-agency collaboration, transformation and government-wide improvement
94
Strategic Planning
long-term direction an enterprise wants to take in leveraging information technology for improving its business processes
95
IT Portfolio Management
has an explicitly directive, strategic goal in determining what the enterprise will continue to invest in vs. what the enterprise will divest
96
Policy
high-level document that represents the corporate philosophy of an organization
97
Security Policy
policy that communicates a coherent security standard to users, management and technical staff
98
High-level Information Security Policy
policy that includes statements on confidentiality, integrity, and availability
99
Data Classification Policy
policy that should describe the classifications, levels of control at each classification and responsibilities of all potential users including ownership
100
Acceptable Use Policy
policy that includes information for all information resources and describes the organizational permissions for the usage of IT and information-related resources
101
End-user Computing Policy
policy that describes the parameters and usage of desktop, mobile computing and other tools by users
102
Access Control Policy
policy that describes the method for defining and granting access to users to various IT resources
103
Procedures
detailed steps defined and documented for implementing policies
104
Risk Management
the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization
105
Key performance indicators
The quantifiable metrics a company uses to evaluate progress toward critical success factors
106
Threat
any circumstance or event with the potential to cause harm (such as destruction, disclosure, modification of data and/or denial of service) to an information resource
107
Vulnerabilities
characteristics of information resources that can be exploited by a threat to cause harm
108
Impact
the result of a threat agent exploiting a vulnerability
109
Residual Risk
the remaining level of risk once controls have been applied; can be used by management to further reduce risk by identifying those areas in which more control is needed
110
Qualitative Analysis
method that uses words or descriptive rankings (high, medium, low) to describe the impact or likelihood of a risk
111
Semi-quantitative Analysis
method that uses descriptive rankings that are associated with a numeric scale to describe the impact or likelihood of risk
112
Quantitative Analysis
method that uses numeric values to describe the likelihood and impact of risk, using data from several types of sources such as historic records, past experiences, industry practices and records, statistical theories, testing, and experiments (usually monetary terms)
113
IS Management
practices that reflect the implementation of policies and procedures developed for various IS-related management activities
114
Human Resource Management
organizational policies and procedures for recruiting, selecting, training and promoting staff, measuring staff performance, disciplining staff, succession planning, and staff retention
115
Sourcing
the way in which the organization will obtain the IS functions required to support the business (in-house, outsource)
116
Outsourcing
contractual agreements under which an organization hands over control of part or all of the functions of the IS department to an external party
117
Service Level Agreement (SLA)
a document that provides a company with a performance guarantee for services outsourced to a vendor
118
Benchmarking
A process of continuously measuring system results, comparing those results to optimal system performance (industry standards or best practices), and identifying steps and procedures to improve system performance
119
Cloud Computing
model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction
120
Statement on Standards for Attestation Engagements (SSAE 16)
provides a framework for three Service Organization Control (SOC) reporting options
121
SOC 1 Report
focuses solely on controls at a service organization that are likely to be relevant to an audit of a user entity's financial statements
122
Governance of Outsourcing
the set of responsibilities, roles, objectives, interfaces and controls required to anticipate change and manage the introduction, maintenance, performance, costs and control of third-party provided services
123
Change Management
involves the use of a defined and documented process to identify and apply technology improvements at the infrastructure and application level that are beneficial to the organization and involve all levels of the organization impacted by the changes
124
Quality Management
one of the means by which IT department-based processes are controlled, measured and improved; may include: software development/maintenance/implementation, acquisition of hardware or software, day-to-day operations, service management, security, HR management, general administration
125
Ways to use performance measures
1. Measure products/services
126
Systems development manager
responsible for programmers and analysts who implement new systems and maintain existing systems
127
Project manager
responsible for planning and executing IT projects and may report to a project management officer or to the development organization
128
Service desk (help desk)
unit within an organization that responds to technical questions and problems faced by users
129
End user
responsible for operations related to business application services; used to distinguish the person for whom the product was designed from the person who programs, services, or installs applications
130
End-user support manager
responsible as a liaison between the IS department and the end users
131
Data manager
responsible for the data architecture in larger IT environments and tasked with managing data as a corporate asset
132
Quality Assurance (QA) manager
responsible for negotiating and facilitating quality activities in all areas of information technology
133
Operations manager
responsible for computer operations personnel, including all staff required to run the data center efficiently and effectively
134
Control group
responsible for the collection, conversion and control of input, and the balancing and distribution of output to the user community
135
Media manager
responsible for recording, issuing, receiving, and safeguarding all program and data files that are maintained on removable media
136
Data Entry
the process of getting information into a database, usually done by people typing it in by way of data-entry forms designed to simplify the process
137
Systems administrator
responsible for maintaining major multi-user computer systems, including LANs, WLANs, WANs, PANs, SANs, intranets and extranets, and mid-range and mainframe systems
138
Security Administrator
responsible for ensuring that the various users are complying with the corporate security policy and controls are adequate to prevent unauthorized access to the company assets
139
Quality Assurance (QA)
helps the IS department to ensure that personnel are following prescribed quality processes
140
Quality Control (QC)
responsible for conducting tests or reviews to verify and ensure that software is free from defects and meets user expectations
141
Database Administrator (DBA)
custodian of an organization's data; defines and maintains the data structures in the corporate database system
142
Systems analyst
specialist who designs systems based on the needs of the user and is usually involved during the initial phase of the system development life cycle
143
Security architect
responsible for evaluating security technologies; designing the security aspects of the network topology, access control, identity management and other security systems; and establishing security policies and security requirements
144
Applications staff
responsible for developing and maintaining applications; should work in a test-only environment
145
Infrastructure staff
responsible for maintaining the systems software, including the operating system
146
Network administrator
responsible for key components of the infrastructure (routers, switches, firewalls, network segmentation, performance management, remote access, etc.); report to the director of the IPF or an end-user manager
147
Segregation of Duties
avoids the possibility that a single person could be responsible for diverse and critical functions in such a way that errors or misappropriations could occur and not be detected in a timely manner and in the normal course of business processes
148
Duties that should be segregated
custody of the assets, authorization, recording transactions
149
Compensating controls
internal controls that are intended to reduce the risk of an existing or potential control weakness when duties cannot be appropriately segregated
150
Audit trails
help the IS and user departments as well as the IS auditor by providing a map to retrace the flow of a transaction; recreates the actual transaction flow from the point of origination to its existence on an updated file
151
Reconciliation
independent verification typically performed by the user that increases the level of confidence that the application processed successfully and the data are in proper balance
152
Exception reporting
Identifying data that is not within "normal limits" so that managers can follow up and take corrective action; should require evidence, such as initials on a report, noting that the exception has been handled properly
153
Transaction logs
a record of transactions (can be logged manually or automatically)
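The audit-trail, segregation-of-duties and exception-reporting cards above describe what an auditor looks for in a transaction log. The following is an added example written for this page (not code from the flashcards or from any ISACA material) that runs those checks over a constructed, pipe-delimited log: it flags transactions where the same person both recorded and authorized the entry, amounts outside a normal limit, and negative amounts, and it tracks which exceptions carry the sign-off evidence the exception-reporting card calls for. The log format, the NORMAL_LIMIT threshold and the sign-off initials are assumptions made for the example.

```python
from collections import namedtuple

# Constructed transaction log, not a real system's format: id|recorded_by|authorized_by|amount
TRANSACTION_LOG = """\
T1001|alice|bob|4200.00
T1002|carol|carol|9800.00
T1003|alice|dave|150000.00
T1004|erin|bob|-20.00
T1005|bob|bob|75.50
"""

# Assumed "normal limit" for a single transaction; anything above it is reported.
NORMAL_LIMIT = 50000.00

Txn = namedtuple("Txn", "txn_id recorded_by authorized_by amount")


def parse_log(text):
    """Parse the pipe-delimited log into Txn records, skipping blank lines."""
    txns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        txn_id, recorded_by, authorized_by, amount = line.split("|")
        txns.append(Txn(txn_id, recorded_by, authorized_by, float(amount)))
    return txns


def find_exceptions(txns, limit=NORMAL_LIMIT):
    """Return (txn_id, reason) pairs for transactions outside normal limits.

    sod      - the same person recorded and authorized the transaction
               (recording and authorization are duties that should be segregated)
    limit    - amount above the normal limit
    negative - negative amount, which the recording process should never produce
    """
    findings = []
    for t in txns:
        if t.recorded_by == t.authorized_by:
            findings.append((t.txn_id, "sod"))
        if t.amount > limit:
            findings.append((t.txn_id, "limit"))
        if t.amount < 0:
            findings.append((t.txn_id, "negative"))
    return findings


def unhandled_exceptions(findings, sign_offs):
    """Exceptions still lacking evidence of follow-up.

    sign_offs maps txn_id -> initials of the manager who handled it, the
    evidence an exception report should require before the item is closed.
    """
    return [(txn_id, reason) for txn_id, reason in findings if txn_id not in sign_offs]


def exception_report(log_text=TRANSACTION_LOG, sign_offs=None, limit=NORMAL_LIMIT):
    """Render the report as text lines with a HANDLED/OPEN status per exception."""
    sign_offs = sign_offs or {}
    lines = []
    for txn_id, reason in find_exceptions(parse_log(log_text), limit):
        status = f"HANDLED ({sign_offs[txn_id]})" if txn_id in sign_offs else "OPEN"
        lines.append(f"{txn_id} {reason:<8} {status}")
    return lines


if __name__ == "__main__":
    print("\n".join(exception_report(sign_offs={"T1002": "JD"})))
```

Run as a script, the report lists four exceptions, one of them signed off with initials and three still open; the open items are what the auditor would follow up on, because an exception that was reported but never handled is evidence the detective control is not operating.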
154
Request for proposal
A document specifying all the system requirements and soliciting a proposal from each vendor contacted
155
Business continuity
the ability of an organization to maintain its operations and services in the face of a disruptive event
156
Business continuity plan
Provides procedures for emergency responses, extended backup operations, and post-disaster recovery
157
Disaster recovery plan
a detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood
158
Restoration plan
a process to return operations to normality whether in a restored or new facility
159
IS business continuity planning
specifies how to resume business processes specifically related to IS in the face of a disruptive event; should be aligned with the strategy of the organization
160
Risk analysis calculation
how risk is calculated; uses either qualitative or quantitative means
161
Business Impact Analysis (BIA)
the activity in Business Continuity Management that identifies vital business functions and their dependencies; allows the organization to determine the maximum downtime possible and to quantify losses as they grow after a disruption, thus allowing the organization to make a decision on the technology used for protection and recovery of its key information assets
162
IT disaster recovery plan
typically details the process IT personnel will use to restore the computer systems
163
Disasters
disruptions that cause critical information resources to be inoperative for a period of time, adversely impacting organizational operations
164
Pandemic
an epidemic or outbreak of infectious diseases in humans that have the ability to spread rapidly over large areas
165
Business continuity policy
a document approved by top management that defines the extent and scope of the business continuity effort within the organization
166
Incident
any unexpected event, even if it causes no significant damage
167
Negligible incident
incident that causes no perceptible or significant damage
168
Minor incidents
incidents that, while not negligible, produce no negative material (of relative importance) or financial impact
169
Major incidents
incidents that cause a negative material impact on business processes and may affect other systems, departments or even outside clients
170
Crisis
a major incident that can have serious material impact on the continued functioning of the business and may also adversely impact other systems or third parties
171
Downtime cost
costs incurred during the period after a disaster in which the business is not functioning; cost grows quickly with time, where the impact of a disruption increases the longer it lasts
172
Recovery cost
cost of activating the business continuity plan (alternative corrective measures); the shorter the recovery time target chosen, the higher this cost
173
Risk ranking
determination of risk based upon the impact derived from the critical recovery time period, as well as the likelihood that an adverse disruption will occur (critical, vital, sensitive, nonsensitive)
174
Desk-based evaluation/paper test
a paper walk-through of the BCP, involving major players in the plan's execution who reason out what might happen in a particular type of service disruption
175
Preparedness test
localized version of a full BCP test, wherein actual resources are expended in the simulation of a system crash
176
Full operational test
one step away from an actual service disruption; a full test of the BCP
177
Benefits realization
the process by which an organization ensures that the expected benefits of a technology solution to a business problem are actually achieved and measured
178
Project portfolio
all of the projects (related or unrelated) being carried out in an organization at a given point in time
179
Program
a group of projects and time-bound tasks that are closely linked together through common objectives, a common budget, and intertwined schedules and strategies
180
Business case
document that provides the information required for an organization to decide whether a project should proceed
181
Project management
the application of knowledge, skills, tools, and techniques to a broad range of project activities to achieve a stated objective such as meeting the defined user requirements, budget and deadlines for an IS project
182
Influence project organization
a type of project organization in which the project manager has only a staff function without formal management authority; the PM can only advise peers and team members as to which activities should be completed
183
Pure project organization
a type of project organization in which the project manager has formal authority over those taking part in the project
184
Matrix project organization
a type of project organization in which management authority is shared between the project manager and the department heads
185
Specific, Measurable, Attainable, Realistic and Timely
SMART
186
Main objectives
objectives that will always be directly coupled with business success
187
Additional objectives
objectives that are not directly related to the main results of the project but may contribute to project success
188
Nonobjectives
objectives that add clarity to the scope and make project boundaries clearer; these objectives shape the contours of the deliverables and help all parties gain a clear understanding of what has to be done, avoiding ambiguity
189
Object breakdown structure (OBS)
a structure that represents the individual components of the solution and their relationships to each other in a hierarchical manner, either graphically or in a table
190
Work breakdown structure (WBS)
designed after the OBS has been compiled, this structures all the tasks that are necessary to build up the elements of the OBS during the project
191
Task list
a list of actions to be carried out in relation to work packages and includes assigned responsibilities and deadlines
192
Senior Management
management that demonstrates commitment to the project and approves the necessary resources to complete the project
193
User Management
management that assumes ownership of the project and resulting system, allocates qualified representatives to the team, and actively participates in business process redesign, system requirements definition, test case development, acceptance testing and user training
194
Project Steering Committee
group that provides overall direction and ensures appropriate representation of the major stakeholders in the project's outcome; should be comprised of a senior representative from each relevant business area
195
Project Sponsor
person or group that provides funding for the project and works closely with the project manager to define the critical success factors and metrics for measuring the success of the project
196
Systems Development Management
management that provides technical support for hardware and software environments by developing, installing and operating the requested system
197
Project Manager
person that provides day-to-day management and leadership of the project, ensures that project activities remain in line with the overall direction, ensures appropriate representation of the affected departments, ensures that the project adheres to local standards, ensures that deliverables meet the quality expectations of key stakeholders, resolves interdepartmental conflicts, and monitors and controls costs and the project timetable
198
Systems Development Project Team
group that completes assigned tasks, communicates effectively with users by actively involving them in the development process, works according to local standards and advises the project manager of necessary project plan deviations
199
User Project Team
group that completes assigned tasks, communicates effectively with the systems developers by actively involving themselves in the development process as subject matter experts (SMEs), works according to local standards and advises the project manager of expected and actual project plan deviations
200
Security Officer
person that ensures that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures
201
Quality Assurance (QA)
personnel who review results and deliverables within each phase of a project and at the end of each phase, and confirm compliance with requirements
202
Software size estimation
relates to methods of determining the relative physical size of the application software to be developed
203
Function Point Analysis (FPA)
a multiple-point technique widely used for estimating complexity in developing large business applications
204
Critical path method (CPM)
the sequence of activities whose sum of activity time is longer than that for any other path through the network; if everything goes according to schedule, the duration gives the shortest possible completion time for the overall project
205
Time slack
the difference between the latest possible completion time of each activity that will not delay the completion of the overall project and the earliest possible completion time based on all predecessor activities
206
Gantt chart
chart that aids in the scheduling of activities needed to complete a project; shows when an activity should begin and when it should end along a timeline
207
PERT (Program Evaluation Review Technique)
technique that uses three different estimates of each activity duration in lieu of using a single number for each activity duration (as used by CPM); the three estimates are then reduced to a single number and then the classic CPM algorithm is applied
208
Timebox management
a project management technique for defining and deploying software deliverables within a relatively short and fixed period of time, and with predetermined specific resources
209
Earned value analysis (EVA)
consists of comparing the following metrics at regular intervals during the project: budget to date, actual spending to date, estimate to complete and estimate at completion
210
Postproject review
formal process in which lessons learned and an assessment of project management processes used are documented to allow reference, in the future, by other project managers or users working on projects of similar size and scope
211
Postimplementation review
process typically completed once the project has been in use for some time - long enough to realize its business benefits and costs, and measure the project's overall success and impact on the business units
212
Key business drivers
the attributes of a business function that drive the behavior and implementation of that business function to achieve the strategic business goals of the company
213
V-Model
modified Waterfall model that provides for back references for VERIFICATION and VALIDATION
214
Waterfall model
an SDLC approach that assumes the various phases of a project can be completed sequentially - one phase leads (falls) into the next phase
215
Iterative Approach
method in which business requirements are developed and tested in iterations until the entire application is designed, built and tested
216
Feasibility study
a study concerned with analyzing the benefits and solutions for the identified problem area
217
Requirements definition
concerned with identifying and specifying the business requirements of the system chosen for development during the feasibility study
218
Request for Proposal (RFP)
written request asking contractors to propose solutions and prices that fit customer's requirements; this method is more applicable in system integration projects when the requirement is more toward a solution and related support and maintenance
219
Invitation to Tender
written request asking contractors to propose solutions and prices that fit customer's requirements; this method is more applicable where procurement of hardware, network, database, etc. is involved and when the product and related services are known in advance
220
Entity Relationship Diagram (ERD)
these diagrams show how the entities that make up a relational database are linked together. Using cardinality the relationships are displayed using a straight line to link the entities, which are represented by a rectangle
221
Entities
groupings of like data elements or instances that may represent actual physical objects or logical constructs
222
Attributes
properties or characteristics common to all or some of the instances of the entity
223
Primary Key
uniquely identifies each instance of the entity
224
Relationships
depict how two entities are associated (and, in some cases, how instances of the same entity are associated)
225
Foreign Key
one or more attributes held in one entity that map to the primary key of a related entity
226
Software baseline
the cutoff point in the design; also referred to as design freeze
227
Test Plan
developed early in the life cycle and refined until the actual testing phase, this identifies the specific portions of the system to be tested
228
Bottom-up
a testing strategy that begins with testing of atomic units, such as programs or modules, and works upward until complete system testing has taken place
229
Top-down testing
a testing strategy where the component at the top of the component hierarchy is tested first, with lower level components being simulated by stubs; tested components are then used to test lower level components; the process is repeated until the lowest level components have been tested
230
Unit testing
testing of an individual program or module
231
Interface or integration testing
a hardware or software test that evaluates the connection of two or more components that pass information from one area to another
232
System testing
a series of tests designed to ensure that modified programs, objects, database schema, etc., which collectively constitute a new or modified system, function properly
233
Recovery testing
checking the system's ability to recover after a software or hardware failure
234
Security testing
making sure that the modified/new system includes provisions for appropriate access controls and does not introduce any security holes that might compromise other systems
235
Load testing
testing an application with large quantities of data to evaluate its performance during peak hours
236
Volume testing
studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records (data) that the application can process
237
Stress testing
studying the impact on the application by testing with an incremental number of concurrent users/services on the application to determine the maximum number of concurrent users/services the application can process; should be carried out in a test environment using live workloads
238
Performance testing
comparing the system's performance to other equivalent systems using well-defined benchmarks
239
Quality assurance testing (QAT)
testing that focuses on the documented specifications and the technology employed; verifies that the application works as documented by testing the logical design and the technology itself
240
User acceptance testing (UAT)
testing that supports the process of ensuring that the system is production-ready and satisfies all documented requirements; focuses on the functional aspects of the application
241
Alpha testing
testing that is performed only by users within the organization developing the software
242
Beta testing
a form of user acceptance testing that generally involves a limited number of external users
243
Pilot testing
preliminary test that focuses on specific and predetermined aspects of a system; provides a limited evaluation of the system
244
White box testing
testing that assesses the effectiveness of software program logic
245
Black box testing
an integrity-based form of testing associated with testing components of an information system's "functional" operating effectiveness without regard to any specific internal program structure
246
Function/validation testing
used to test the functionality of the system against the detailed requirements to ensure that the software that has been built is traceable to customer requirements
247
Regression testing
the process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors
248
Parallel testing
the process of feeding test data into two systems - the modified system and an alternative system - and comparing the results
249
Sociability testing
tests to confirm that the new or modified system can operate in its target environment without adversely impacting existing systems
250
System configuration
consists of defining, tracking and controlling changes in a purchased system to meet the needs of the business
251
Implementation
the actual operation of the new information system is established and tested
252
Site acceptance testing
a full-system test conducted on the actual operations environment
253
Data migration
the moving of data from the original application system into the newly implemented system
254
Data conversion
the conversion of existing data into the new required format, coding and structure while preserving the meaning and integrity of the data
255
Changeover
refers to an approach for shifting users of the application from the existing (old) system to the replacement (new) system
256
Parallel changeover
a changeover approach that includes running the old system, then running both the old and new systems in parallel, and finally fully changing over to the new system after gaining confidence in the working of the new system
257
Phased changeover
a changeover approach where the older system is broken into deliverable modules; the first module of the older system is phased out using the first module of the new system, then the second module is replaced, and so on until the last module is replaced
258
Abrupt changeover
a changeover approach where the newer system is changed over from the older system on a cutoff date and time, and the older system is discontinued once the changeover to the new system takes place
259
Certification
the process by which an assessor organization performs a comprehensive assessment against a standard of management and operational and technical controls in an information system
260
Accreditation
the official management decision (given by a senior official) to authorize operation of an information system and to explicitly accept the risk to the organization's operations, assets, or individuals based on the implementation of an agreed-upon set of requirements and security controls
261
Postproject review
internal review to assess and critique the project process
262
Postimplementation review
review to assess and measure the value the project has on the business (benefits realization)
263
Business risk
risk related to the likelihood that the new system may not meet the users' business needs, requirements and expectations
264
Project risk
risk that the project activities to design and develop the system exceed the limits of the financial resources set aside for the project and, as a result, it may be completed late, if ever
265
Electronic commerce (e-commerce)
the buying and selling of goods online, usually via the Internet
266
Business-to-consumer
applies to any business that sells its products or services to consumers over the internet
267
Business-to-business
applies to businesses buying from and selling to each other over the Internet
268
Business-to-employee
when administrative transactions are conducted over the Internet between a business and its employees, such as payroll and benefits
269
Business-to-government
online transactions between businesses and governmental agencies
270
Electronic Data Interchange (EDI)
replaces the traditional paper document exchange (purchase orders, invoices, material release schedules); the proper controls and edits need to be built within each company's application system to allow this communication to take place
271
Value-added network (VAN)
uses computerized message switching and storage capabilities to provide electronic mailbox services similar to a post office
272
Mail servers
hosts that deliver, forward and store mail
273
Clients
interface with users and allow users to read, compose, send and store email messages
274
Point-of-sale (POS) system
system that enables the capture of data at the time and place that sales transactions occur
275
Electronic funds transfer (EFT)
a computerized cash payments system that transfers funds without the use of checks, currency, or other paper documents
276
e-finance
a new means of delivering financial services electronically
277
Automated teller machine (ATM)
a specialized form of the POS terminal that is designed for the unattended use by a customer of a financial institution
278
Interactive voice response (IVR)
a phone technology that allows a computer to detect voice and touch tones using a normal phone call
279
Imaging system
system that stores, retrieves and processes graphic data, such as pictures, charts and graphs, instead of or in addition to text data
280
Artificial intelligence
the science of designing and programming computer systems to do intelligent things and to simulate human thought processes such as reasoning and understanding language
281
Expert systems
systems that allow the user to specify certain basic assumptions or formulas and then use these assumptions or formulas to analyze arbitrary events
282
Business intelligence (BI)
a broad field of IT that encompasses the collection and analysis of information to assist decision making and assess organizational performance
283
Data architecture
a system that consists of individual databases contributing to a central repository from which data may be either drawn directly to supply an EHR workstation or sent to a warehouse that performs sophisticated analysis on data to supply decision support
284
Context diagrams
diagrams that outline the major processes of an organization and the external parties with which the business interacts
285
Swim-lane diagrams
diagrams that deconstruct business processes
286
Decision support system
an interactive system that provides the user with easy access to decision models and data from a wide range of sources in order to support semi-structured decision-making tasks typically for business purposes
287
Customer relationship management (CRM)
an emphasis on the importance of focusing on information relating to transaction data, preferences, purchase patterns, status, contact history, demographic information, and service trends of customers rather than on products
288
Operational CRM
concerned with maximizing the utility of the customer's service experience while also capturing useful data about the customer interaction
289
Analytical CRM
seeks to analyze information captured by the organization about its customers and their interactions with the organization into information that allows greater value to be obtained from the customer base
290
Agile development
a system development strategy that refers to a family of similar development processes that espouse a nontraditional way of developing complex systems
291
Scrum
an agile process that aims to move planning and directing tasks from the project manager to the team, leaving the project manager to work on removing the obstacles to the team achieving their objectives
292
Prototyping
aka heuristic or evolutionary development, the process of creating a system through controlled trial and error procedures to reduce the level of risk in developing the system
293
Rapid application development (RAD)
a methodology that enables organizations to develop strategically important systems quickly while reducing development costs and maintaining quality
294
Object-oriented system development (OOSD)
the process of solution specification and modeling where data and procedures can be grouped into an entity known as an object
295
Component-based development
the process of assembling applications from cooperating packages of executable software that make their services available through defined interfaces
296
Web-based application development
a software development approach designed to achieve easier and more effective integration of code modules within and between enterprises
297
Reengineering
a process of updating an existing system by extracting and reusing design and program components
298
Reverse engineering
the process of studying and analyzing an application, a software application or a product to see how it functions and to use that information to develop a similar system
299
Project Phases of Physical Architecture Analysis
1. Review of existing architecture
300
Project Phases of Planning the Implementation of Infrastructure
1. Procurement phase
301
System maintenance practices
the processes of managing change to application systems while maintaining the integrity of both the production source and executable code
302
Change management
a systematic way of approving and executing change in order to assure maximum security, stability and availability of information technology services
303
Configuration management
procedures throughout the software life cycle to identify, define and baseline software items in the system and thus provide a basis for problem management, change management and release management
304
Code generators
tools, often incorporated with CASE products, that generate program code based on parameters defined by a systems analyst or on data/entity flow diagrams developed by the design module of a CASE product
305
Computer-aided software engineering (CASE)
the use of automated tools to aid in the software development process
306
Upper CASE
CASE products used to describe and document business and application requirements
307
Middle CASE
CASE products used for developing the detailed design
308
Lower CASE
CASE products involved with the generation of program code and database definitions
309
4GL
fourth-generation language; nonprocedural language that enables users and programmers to access data in a database
310
Business process reengineering (BPR)
the process of responding to competitive and economic pressures, and customer demands to survive in the current business environment; usually done by automating system processes so that there are fewer manual interventions and manual controls
311
Benchmarking
a continuous, systematic process for evaluating the products, services, or work processes of organizations recognized as a world-class "reference" in a globalized world
312
ISO 9126
an international standard to assess the quality of software products that provides the definition of the characteristics and associated quality evaluation process to be used when specifying the requirements for, and evaluating the quality of, software products throughout their life cycle
313
Capability maturity model (CMM)
a five-level model laying out a generic path to process improvement (maturity) for software development in organizations
314
ISO/IEC 15504
a series of documents that provide guidance on process improvement, benchmarking and assessment including detailed guidance that can be leveraged to create enterprise best practices
315
Levels of the CMM
0. Incomplete process
316
Application controls
controls over input, processing, and output functions
317
Input authorization
verifies that all transactions have been authorized and approved by management
318
Batch balancing
comparison of the items or documents actually processed against a predetermined control total
319
Data validation
a process to identify data errors, incomplete or missing data and inconsistencies among related data items
320
Processing controls
controls that ensure that data in a file/database remain complete and accurate until changed as a result of authorized processing or modification routines
321
File controls
controls that ensure that only authorized processing occurs to stored data files
322
Output controls
controls that provide assurance that the data delivered to users will be presented, formatted and delivered in a consistent and secure manner
323
Business process control assurance
involves evaluating controls at the process and activity level
324
Segregation of duties
implementing control procedures to clearly divide authority and responsibility within the information system function to prevent employees from perpetrating and concealing fraud
325
Data integrity testing
set of substantive tests that examines accuracy, completeness, consistency and authorization of data presently held in a system
326
Generalized audit software (GAS)
uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process
327
Computer assisted audit techniques
refer to audit software, often called generalized audit software (GAS), that uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process
328
Snapshots
technique that involves taking "pictures" of the processing path that a transaction follows, from the input to the output stage
329
Audit hooks
technique that involves embedding hooks in application systems to function as red flags and to induce IS auditors to act before an error or irregularity gets out of hand
330
Wired equivalent privacy
a key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit; has been demonstrated to have numerous flaws and has been deprecated in favor of newer standards
331
Functional acknowledgments
standard EDI transactions that tell trading partners that their electronic documents were received; used as an audit trail for electronic data interchange (EDI) transactions
332
IS Operations
responsible for the ongoing support of an organization's computer and information systems environment
333
IS Management
has the overall responsibility for all operations within the IS department
334
IT Service Management
a concept that comprises processes and procedures for efficient and effective delivery of IT services to business
335
Delta release
a release that contains only those items that have undergone changes since the last release
336
Service Level Agreement
an agreement between the IT organization and the customer that details the service(s) to be provided; the IT organization could be an internal IT department or an external IT service provider, and the customer is the business
337
Service level management
the process of defining, agreeing upon, documenting and managing levels of service that are required and cost justified
338
Exception reports
automated reports that identify all applications that did not successfully complete or otherwise malfunctioned
339
System and application logs
logs generated from various systems and applications that should be considered to identify all application problems and provide additional, useful information regarding activities performed on the computer since most abnormal system and application events will generate a record in the logs
340
Operator problem reports
manual reports that are used by operators to log computer operations problems and their resolutions
341
Operator work schedules
schedules that are generally maintained manually by IS management to assist in human resource planning
342
Job scheduling
a major function within the IS department that includes scheduling jobs that must be run, the sequence of job execution and the conditions that cause program execution
343
Job scheduling software
system software used by installations that process a large number of batch routines
344
Incident management
focuses on providing increased continuity of service by reducing or removing the adverse effect of disturbances to IT services, and covers almost all nonstandard operations of IT services
345
Problem management
aims to resolve issues through the investigation and in-depth analysis of a major incident, or several incidents that are similar in nature, in order to identify the root cause
346
Change control procedures
part of change management that are established to control the movement of applications from the test environment, where development and maintenance occurs, to the quality assurance (QA) environment, to the production environment
347
Release management
the process responsible for planning, scheduling and controlling the movement of releases to test and live environments; primary objective is to ensure that the integrity of the live environment is protected and that the correct components are released
348
Information security management
ensures continuous IT operation and security of business process and data
349
Media sanitization
establishes the controls, techniques and processes necessary to preserve the confidentiality of sensitive information stored on media to be reused, transported, or discarded; involves the eradication of information recorded on storage media to the extent of providing reasonable assurance that residual content cannot be salvaged or restored
350
Central processing unit (CPU)
executes commands from a computer's hardware and software; the principal computer chip that contains several processing components, which determines the computer's operating speed; the "brain" of a computer
351
Random access memory (RAM)
temporary memory a computer uses to store information while it is processing; memory is volatile
352
Read-only memory
form of primary memory that holds items that can be read but not erased or changed by normal computer input; memory is nonvolatile
353
Print servers
servers that allow businesses to consolidate printing resources for cost-savings
354
File servers
servers that provide for organization-wide access to files and programs
355
Application (program) servers
servers that host the software programs that provide application access to client computers, including the processing of the application business logic and communication with the application's database
356
Web servers
servers that provide information and services to external customers and internal employees through web pages
357
Proxy servers
servers that provide an intermediate link between users and resources; servers that access services on a user's behalf
358
Database servers
servers that store raw data and act as a repository for storing information rather than presenting it to be usable
359
Appliances
provide a specific service and normally would not be capable of running other services; these devices are significantly smaller, faster, and very efficient
360
Universal serial bus
a serial bus standard that interfaces devices with a host; was designed to allow connection of many peripherals to a single standardized interface socket; allows devices to be connected and disconnected without rebooting
361
Memory card / flash drive
a solid-state electronic data storage device used with digital cameras, handheld and mobile computers, telephones, music players, video game consoles and other electronics
362
Radio frequency identification (RFID)
uses radio waves to identify tagged objects within a limited radius
363
Capacity management
the planning and monitoring of computing and network resources to ensure that the available resources are used efficiently and effectively
364
Capacity planning
the process of ensuring that the resource provision can always meet business requirements
365
Architecture
a number of layers of circuitry and logic, arranged in a hierarchical structure that interacts with the computer's operating system
366
Operating system (OS)
contains programs that interface between the user, processor and applications software; provides the primary means of managing the sharing and use of computer resources such as processors, real memory, auxiliary memory and I/O devices
367
Access control software
software designed to prevent unauthorized access to data, unauthorized use of system functions and programs, and unauthorized updates/changes to data, and to detect or prevent unauthorized attempts to access computer resources
368
Data communications software
software that is used to transmit messages or data from one point to another, which may be local or remote
369
Data management
capabilities that are enabled by the system software components that enact and support the definition, storage, sharing and processing of user data, and deal with file management
370
Database management system (DBMS)
system software that aids in organizing, controlling and using the data needed by application programs
371
Data dictionary / directory system (DD/DS)
helps define and store source and object forms of all data definitions for external schemas, conceptual schemas, the internal schema and all associated mappings
372
Hierarchical database model
model where there is a hierarchy of parent and child data segments (parent-child relationships) that are 1:N relationships between record types
373
Network database model
a flexible way of representing objects and their relationships (each entity can have multiple relationships); rarely used in current environments
374
Relational database model
a relational model based on the set theory and relational calculations that allows the definition of data structures, storage/retrieval operations and integrity constraints
375
Data normalization
a technique to make complex databases more efficient by eliminating as much redundant data as possible
376
Utility programs
system software used to perform maintenance and routines that frequently are required during normal processing operations
377
Concurrent licensing
where a number of users can access the software on the network at one time
378
Digital rights management
refers to access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content and devices
379
Packet switching
a technology in which users share common carrier resources
380
Baseband
the signals are directly injected on the communication link so that one single channel is available on that link for transmitting signals; the entire capacity of the communication channel is used to transmit one data signal and communication can move in only one direction at a time
381
Broadband network
different carrier frequencies defined within the available band, can carry analog signals as if they were placed on separate baseband channels
382
Telecommunications
the electronic transmission of data, sound and images between connected end systems
383
Personal area networks (PANs)
microcomputer network used for communications among computer devices being used by an individual person (typical range of 33 ft)
384
Local area networks (LANs)
computer networks that cover a limited area such as a home, office or campus with higher data transfer rates
385
Wide area networks (WANs)
computer networks that cover a broad area such as a city, region, nation or an international link
386
Metropolitan area networks (MANs)
WANs that are limited to a city or region; higher data transfer rates than WANs
387
Storage area networks (SANs)
a variation of LANs and are dedicated to connecting storage devices to servers and other computing devices
388
Network services
functional features made possible by appropriate OS applications that allow orderly utilization of the resources on the network
389
Copper (twisted-pair) circuits
two insulated wires are twisted around each other, with current flowing through them in opposite directions
390
Fiber-optic systems
glass fibers are used to carry binary signals as flashes of light
391
Radio systems (wireless)
data are communicated between devices using low-powered systems that broadcast and receive electromagnetic signals representing data
392
Microwave radio systems
provide line-of-sight transmission of voice and data through the air
393
Satellite radio link systems
contain several receiver/amplifier/transmitter sections called transponders; sends narrow beams of microwave signals between Earth and a satellite
394
LAN topologies
define how networks are organized from a physical standpoint
395
Protocols
define how information transmitted over the network is interpreted by systems
396
Switch
a data link level device that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks
397
Star topology
a network topology in which all computers and other devices are connected to a central host computer; all communications between network devices must pass through the host computer
398
Bus topology
a networking configuration in which all devices are connected to a central high-speed cable called the bus or backbone
399
Ring topology
a network configuration in which the computers and peripherals are laid out in a configuration resembling a circle; data flows around the circle from device to device in one direction only
400
Repeaters
physical layer devices that extend the range of a network or connect two separate network segments together
401
Hubs
physical layer devices that serve as the center of a star topology network or network concentrator
402
Bridges
data link layer devices developed to connect LANs or create two separate LAN or WAN network segments from a single segment to reduce collision domains
403
Routers
data link layer devices that link two or more physically separate network segments; operate by examining network addresses and making intelligent decisions to direct packets to their destination
404
Gateways
devices that are protocol converters; typically connect and convert between LANs and the mainframe or the Internet
405
Message switching
sends a complete message to the concentration point for storage and routing to the destination point as soon as a communications path becomes available
406
Packet switching
a sophisticated means of maximizing the transmission capacity of networks; breaks a message into transmission units (called packets) and routes them individually through the network, depending on the availability of a channel for each packet
407
Circuit switching
a physical communications channel is established between communicating equipment, through a circuit-switched network
408
Virtual circuits
a logical circuit between two network devices that provides for reliable data communications
409
Modem
converts computer digital signals into analog data signals and analog data back to digital; makes it possible to use analog lines as transmission media for digital networks
410
Multiplexor
a physical layer device used when a physical circuit has more bandwidth capacity than required by individual signals; can allocate portions of its total bandwidth and use each portion as a separate signal link
411
Point-to-point protocol (PPP)
provides a single, preestablished WAN communication path from the customer premises to a remote network, usually reached through a carrier network such as a telephone company
412
Virtual private network (VPN)
extends the corporate network securely via encrypted packets sent out via virtual connections over the public Internet to distant offices, home workers, salespeople, and business partners
413
Wireless wide area networking
the process of linking different networks over a large geographical area to allow wider IT resource sharing and connectivity
414
Wireless LANs (WLANs)
connects computers and other components to the network using an access point device (wireless)
415
Wireless PANs (WPANs)
short-range wireless networks that connect wireless devices to one another (ex: Bluetooth)
416
Bluetooth
a wireless protocol that connects devices within a range of up to 49 ft and has become a feature on some PDAs, mobile phones, mice, printers, etc.
417
Ad hoc networks
networks designed to dynamically connect remote devices such as cell phones, laptops, and PDAs; have shifting network topologies and maintain random network configurations, relying on a system of mobile routers connected by wireless links to enable devices to communicate
418
Wireless application protocol (WAP)
a general term used to describe the multilayered protocol and related technologies that bring Internet content to wireless mobile devices such as PDAs and cell phones
419
Transmission Control Protocol/Internet Protocol (TCP/IP)
protocol that connects computers to the Internet; tells computers how to exchange information over the Internet
420
Uniform resource locator (URL)
identifies the address on the www where a specific resource is located
421
Cookie
a message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them
422
Applets
programs downloaded from web servers that execute in web browsers on client machines to run any web-based application
423
Bookmark
a marker or address that identifies a document or a specific place in a document
424
Network access point (NAP)
a traffic concentration spot, usually the point of convergence for Internet access by many Internet service providers
425
Internet Service Provider (ISP)
a company that provides the communication lines and services for connecting users
426
Domain name system (DNS)
a distributed database system that translates hostnames to IP addresses and IP addresses to hostnames
427
File transfer protocol (FTP)
a protocol that supports one of the most popular uses of the Internet, downloading files (i.e., transferring files from a computer on the Internet to the user's computer)
428
Transborder data flow
refers to data transmission between two countries
429
Latency
the delay that a message or packet will experience on its way from source to destination
430
Throughput
the quantity of useful work made by the system per unit of time
431
Client-server
a network architecture in which each computer or process on the network is either a server (a source of services and data) or a client (a user of these services and data that relies on servers to obtain them)
432
Thin client
a client that relies on another host for the majority of processing and hard disk resources necessary to run applications and share files over the network
433
Thick client
application processes most or all of its business logic on local computing resources (e.g., the desktop PC)
434
Middleware
a class of software employed by client-server applications that serves as the glue between two otherwise distinct applications and provides services such as identification, authentication, authorization, directories and security; resides between the application and the network and manages the interaction between the GUI on the front end and data servers on the back end
435
Recovery point objective (RPO)
determined based on the acceptable data loss in case of disruption of operations and indicates the earliest point in time in which it is acceptable to recover the data; effectively quantifies the permissible amount of data loss in case of interruption (measured in time)
436
Recovery time objective (RTO)
determined based on the acceptable downtime in case of a disruption of operations and indicates the earliest point in time at which the business operations must resume after a disaster
437
Recovery strategy
identifies the best way to recover a system in case of interruption, including disaster, and provides guidance based on which detailed recovery procedures can be developed
438
Cold site
facility with the space and basic infrastructure adequate to support resumption of operations, but lacking any IT or communications equipment, programs, data or office support
439
Mobile site
packaged, modular processing facility mounted on transportable vehicles and kept ready to be delivered and set up at a location that may be specified upon activation
440
Warm site
facility with the space and basic infrastructure, and some or all of the required IT and communications equipment installed
441
Reciprocal agreement
agreement between separate, but similar, companies to temporarily share their IT facilities in the event that one company loses processing capability
442
Hot site
facility with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications, along with office furniture and equipment for use by the staff
443
Mirrored site
fully redundant site with real-time data replication from the production site
444
Cluster
a type of software (agent) that is installed on every server (node) on which the application runs and includes management software that permits control and tuning of the cluster behavior
445
Active-passive cluster
the application runs on only one (active) node, while the other (passive) nodes are used only if the application fails on the active node
446
Active-active cluster
the application runs on every node of the cluster; cluster agents coordinate the information processing between all of the nodes, providing load balancing and coordinating concurrent data access
447
Redundant array of independent disks (RAID)
way to protect data against disk failure by breaking up data and writing data to a series of multiple disks to simultaneously improve performance and/or save large files
448
IT Disaster recovery plan
a well-structured collection of processes and procedures intended to make the disaster response and recovery effort swift, efficient and effective to achieve synergy between recovery teams (IT specifically)
449
Virtual tape libraries (VTLs)
systems that consist of disk storage and software that control backup and recovery data sets and behave like a conventional tape library; however, data is stored on a disk array
450
Host-based replication
replication is executed at the host (server) level by a special software running on this server and on the target server
451
Disk-array based replication
the replication is performed at the disk array level, completely hidden from servers and application
452
Snapshots
technology that is very flexible, allowing making different types of momentary copies of volumes or file systems
453
Full backup
type of backup scheme that copies all files and folders to the backup media, creating one backup set
454
Incremental backup
type of backup that copies the files and folders that changed or are new since the last incremental or full backup
455
Differential backup
type of backup that copies all files and folders that have been added or changed since a full backup was performed; faster and requires less media capacity than a full backup
456
Grandfather-Father-Son backup method
a backup method in which daily backups (sons) are made over the course of a week; the final backup during the week becomes the backup for that week (father); the earlier daily backup media are then rotated for reuse as backup media for the second week; at the end of the month, the final weekly backup is retained as the backup for that month (grandfather)
457
IS Operations
responsible for the ongoing support of an organization's computer and information systems environment
458
IS Management
has the overall responsibility for all operations within the IS department
459
IT Service Management
a concept that comprises processes and procedures for efficient and effective delivery of IT services to business
460
Delta release
a release that contains only those items that have undergone changes since the last release
461
Service Level Agreement
an agreement between the IT organization and the customer that details the service(s) to be provided; the IT organization could be an internal IT department or an external IT service provider, and the customer is the business
462
Service level management
the process of defining, agreeing upon, documenting and managing levels of service that are required and cost justified
463
Exception reports
automated reports that identify all applications that did not successfully complete or otherwise malfunctioned
464
System and application logs
logs generated from various systems and applications that should be considered to identify all application problems and provide additional, useful information regarding activities performed on the computer since most abnormal system and application events will generate a record in the logs
465
Operator problem reports
manual reports that are used by operators to log computer operations problems and their resolutions
466
Operator work schedules
schedules that are generally maintained manually by IS management to assist in human resource planning
467
Job scheduling
a major function within the IS department that includes scheduling jobs that must be run, the sequence of job execution and the conditions that cause program execution
468
Job scheduling software
system software used by installations that process a large number of batch routines
469
Incident management
focuses on providing increased continuity of service by reducing or removing the adverse effect of disturbances to IT services, and covers almost all nonstandard operations of IT services
470
Problem management
aims to resolve issues through the investigation and in-depth analysis of a major incident, or several incidents that are similar in nature, in order to identify the root cause
471
Change control procedures
part of change management that are established to control the movement of applications from the test environment, where development and maintenance occurs, to the quality assurance (QA) environment, to the production environment
472
Release management
the process responsible for planning, scheduling and controlling the movement of releases to test and live environments; primary objective is to ensure that the integrity of the live environment is protected and that the correct components are released
473
Information security management
ensures continuous IT operation and security of business process and data
474
Media sanitization
establishes the controls, techniques and processes necessary to preserve the confidentiality of sensitive information stored on media to be reused, transported, or discarded; involves the eradication of information recorded on storage media to the extent of providing reasonable assurance that residual content cannot be salvaged or restored
475
Central processing unit (CPU)
executes commands from a computer's hardware and software; the principal computer chip that contains several processing components, which determines the computer's operating speed; the "brain" of a computer
476
Random access memory (RAM)
temporary memory a computer uses to store information while it is processing; memory is volatile
477
Read-only memory
form of primary memory that holds items that can be read but not erased or changed by normal computer input; memory is nonvolatile
478
Print servers
servers that allow businesses to consolidate printing resources for cost-savings
479
File servers
servers that provide for organization-wide access to files and programs
480
Application (program) servers
servers that host the software programs that provide application access to client computers, including the processing of the application business logic and communication with the application's database
481
Web servers
servers that provide information and services to external customers and internal employees through web pages
482
Proxy servers
servers that provide an intermediate link between users and resources; servers that access services on a user's behalf
483
Database servers
servers that store raw data and act as a repository for storing information rather than presenting it to be usable